Researcher: Hardware “No-Execute” Zone Is No Big Security Deal - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
7/28/2005
03:54 PM
50%
50%

Researcher: Hardware “No-Execute” Zone Is No Big Security Deal

Both Intel and AMD have touted the notion, which essentially means setting some areas of memory as off-bounds to prevent worms and other malicious code from inserting functions into memory and executing them. But one researcher says the scheme won’t stop all attacks.

The no-execute feature that's been folded in the newest processors to ward off malicious attacks isn't the panacea that many users think it is, a security researcher at the Black Hat conference claimed in his presentation Wednesday. Such perceptions aren't necessarily being stoked by the likes of chipmakers Intel and AMD, but users are picking them up anyway, often from media reports.

AMD calls the feature "Enhanced Virus Protection" (EVP) and Intel calls it eXecute Disable (or XD). More generically, it's known as NX, for No eXecute. Essentially, it's a way to specify protected portions of memory so that processor instructions can't execute there. The idea behind setting some areas of memory as off-bounds is to prevent worms and other malicious code from inserting functions into memory and executing them.

AMD has touted EVP within its 64-bit Athlon processors as a security technology that lets "you enjoy peace of mind." But chip vendors haven't portrayed NX as a panacea. AMD, for instance, calls EVP a "preventative measure" that won't prevent malicious code attacks, but will make them "localized, short-lived, and non-contagious."

Intel, meanwhile, takes a similar line, saying that the impact of future mass-mailed worms in the Slammer and MSBlast vein would be "substantially reduced" by XD.

The problem, said David Maynor, an engineer with Internet Security Systems' (ISS) X-Force research team, is that such caveats have been lost in the media reports about NX, which have over-simplified the technology's effectiveness. "Some claims of NX paint it as a silver bullet," said Maynor. "The hype is the NX stops all security exploits dead in their tracks, and that we don't have to worry about the next MSBlast."

That's simply untrue, said Maynor. NX won't stop all attacks that are aimed at creating a buffer overflow, the most commonly-used tactic today for compromising a system. "I can still execute code on an NX-enabled machine," said Maynor. "It just requires a slightly more tricky technique."

A "return-to-libc attack," for instance, in which the return address on the stack is replaced by the address of another function, could be the basis for assaults on a non-executable memory stack, Maynor explained.

Attackers could also create fake stack frames to bypass the memory protection that NX provides, said Maynor. Such techniques aren't new; they've been explored by those wanting to exploit other no-execute-protected processors and operating systems in the Unix world, such as Sun's SPARC and Solaris OS.

"NX isn't designed to stop anything," said Maynor. "It's not been able to mitigate against security threats in Unix" and it won't do that for desktop operating systems like Windows.

Microsoft calls NX by yet another name, Data Execution Prevention, or DEP, in Windows XP SP2 and Windows Server 2003 SP1. Microsoft said the feature will also be enabled by default on critical Windows services in Windows Vista, which just entered Beta 1 testing this week.

"One of our goals is that although NX's limitations are known in the security world, they're not in corporate America," explained Maynor when asked why he was broadcasting NX's deficiencies. "They think it's going to be a silver bullet. It's just dangerous to rely on a single point of technology."

"At best, NX is a speed bump for intruders, not a stop sign," Maynor added.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Why It's Nice to Know What Can Go Wrong with AI
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  11/11/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll